DBM - Deadly Boss Mods (DBM-Core)


False positive warning of Trojan on download of DBM

madkort opened this issue · 13 comments

commented

Hello, Devs.

Any explanations for this?
https://gyazo.com/964b147fb43e48e9cd7520ad21c017e1

Since when are you adding weird stuff to your addon?
RU translation: Trojan found with updating dbm with latest patch

commented

I got one too in English if it makes it any easier to fix, weirdly not the same file.
Happens if I try to update it through CurseForge

commented

I honestly have no idea. Our zips are created by a community packager directly from repo, which means they include no files you can't see directly in the GitHub repository. It also can't be introduced by the packager since that's also open source on GitHub and not intruding anything. I'll need to contact CurseForge.

commented

This is a false positive from Windows Defender, no other antivirus triggers on this:
https://www.virustotal.com/gui/file/1f3520776f1931d8a2f37cbf0bff470cb67e9dcf9791f622cb6912d93b7b467a/detection

commented

> I got one too in English if it makes it any easier to fix, weirdly not the same file.
> Happens if I try to update it through CurseForge

I got the same issue when trying to update DBM this morning. Deleted the Addon and tried again and then was hit with multiple trojan attempts, which were blocked by my firewall. I have removed the addon and won't be downloading it again until this is fixed. I hope you understand.

commented

> This is a false positive from Windows Defender, no other antivirus triggers on this:
> https://www.virustotal.com/gui/file/1f3520776f1931d8a2f37cbf0bff470cb67e9dcf9791f622cb6912d93b7b467a/detection

I'm not using Windows Defender.

commented

It looks like it's a hash collision on the zip file itself. It shares a hash with a known malware zip.

You can literally download the first alpha after 9.1.9, 9.1.9-1, and it'll show clean, and the only difference between those two files if you do an exact file compare is the version number.

I'll be doing a new tag regardless to avoid paranoia and delete the zip that has the hash collision.
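
Added example, not part of the thread or of the DBM project's tooling: one way to run the "exact file compare" described above is to hash every entry of the flagged zip and of the next build and list only the entries whose content differs. The archive contents, file names and function names below are constructed for illustration.

```python
import difflib
import hashlib
import io
import zipfile


def member_hashes(zip_bytes):
    """Map each file entry to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                for i in zf.infolist() if not i.is_dir()}


def compare_archives(a_bytes, b_bytes):
    """Return (only_in_a, only_in_b, changed) entry names, each sorted."""
    a, b = member_hashes(a_bytes), member_hashes(b_bytes)
    changed = sorted(n for n in a.keys() & b.keys() if a[n] != b[n])
    return sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys()), changed


def changed_lines(a_bytes, b_bytes, name):
    """Lines that differ in one text entry, as '-old' / '+new' strings."""
    def lines(data):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.read(name).decode("utf-8", "replace").splitlines()
    # Drop the two file-header lines by position so that removed Lua
    # comments (which render as '---...') are not mistaken for headers.
    diff = list(difflib.unified_diff(lines(a_bytes), lines(b_bytes),
                                     lineterm="", n=0))[2:]
    return [l for l in diff if l.startswith(("+", "-"))]


def build_zip(files):
    """Build an in-memory zip from {name: text} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()


# Constructed stand-ins for a flagged release and the next clean build.
FLAGGED = build_zip({"Addon/Addon.toc": "## Title: Addon\n## Version: 1.0.0\n",
                     "Addon/core.lua": "print('hello')\n"})
CLEAN = build_zip({"Addon/Addon.toc": "## Title: Addon\n## Version: 1.0.0-1\n",
                   "Addon/core.lua": "print('hello')\n"})

if __name__ == "__main__":
    only_a, only_b, changed = compare_archives(FLAGGED, CLEAN)
    print("only in flagged:", only_a, "| only in clean:", only_b)
    for name in changed:
        print(name, changed_lines(FLAGGED, CLEAN, name))
```

The same `member_hashes` output can be checked against hashes of the files in a repository checkout to confirm that a packaged zip contains nothing beyond what is in the repo.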

commented

> I'm not using Windows Defender.

What are you using?

commented

New post on issue here: https://www.patreon.com/posts/55047651

gonna close ticket now since things are getting quieter. I think the false flag was already corrected.

commented

Reopening for visibility for now. To resolve this, update Windows Defender to the latest definitions. Refer to https://www.microsoft.com/en-us/wdsi/defenderupdates for instructions.

To learn more about what happened, read:
https://www.patreon.com/posts/dbm-9-1-9-false-55047651

commented

just got
Trojan:Script/Sabsik.FL.A!ml
on DBM-Core-9.1.9.zip
from Windows Defender

commented

Just had this same problem happen to me 30 minutes ago, and the same multiple trojan warnings, plus one other addon does it too, but it won't let me update DBM and it keeps crashing CurseForge. I also use Windows Defender but get slight differences in the report details, just like everyone else. I hope you can get to the bottom of this soon.

Thank you, Neil

commented

> Reopening for visibility for now. To resolve this, update Windows Defender to the latest definitions. Refer to microsoft.com/en-us/wdsi/defenderupdates for instructions.
>
> To learn more about what happened, read:
> patreon.com/posts/dbm-9-1-9-false-55047651

The solution is here. Locking topic for now so new replies don't keep burying the solution/info about it. Please read the stated links.

commented

Reopening same issue as last time just to signify how silly this is. Literally same false positives yet again on one year anniversary. Can't even make that up. My guess, was probably never actually fixed, and whitelist was only for one year or something...Total guess, but can't be coincidence on that timing.